# Maintainer: David Runge <dvzrv@archlinux.org>

pkgname=ipxe
pkgver=1.21.1
_commit=c1834f323f4f6b9b46cd5895b1457a117381363f
pkgrel=5
pkgdesc="Network bootloader"
arch=(loong64 x86_64)
url="https://ipxe.org"
license=(GPL2 custom:UBDL)
makedepends=(git cdrtools)
optdepends=(
  'bash: for run_ipxe'
  'qemu-desktop: for run_ipxe'
  'edk2-ovmf: for run_ipxe'
)
# the TLS chain of trust is described at the upstream letsencrypt website:
# https://letsencrypt.org/certificates/
# the code signing setup is described in Arch Linux's releng repository:
# https://gitlab.archlinux.org/archlinux/releng/-/blob/master/README.rst#code-signing
source=(
  git+https://github.com/$pkgname/$pkgname.git#commit=${_commit}
  arch.ipxe
  isrgrootx1.pem
  lets-encrypt-r3.pem
  codesigning_pierre_archlinux.pem
  remote.ipxe
  general.h
  run_$pkgname
  ipxe-la64.patch
)
sha512sums=('SKIP'
            'baa5de9f2714d626041455f7d6764b3ed7a8d6a375bd7721312a5be3ccab93764e1f72d349d404196badf1e751435cc3f7f61800fd643e2035f9616be1770a00'
            'b819e7965412dbeecc6417b1e57356d9b10e8e2feb0db1165947e7e1b7d882de226afb8457475f5107393a981d902c7f405500cadb6f61bd2acbca5d8c7cc1f4'
            '7ff2a6b6501b30806e19446d569db0348c0457c15a9c86f186d957607278ee3cbeedd8307e1ff6dc5c0740545192eada7c0f84cdeb8ff39e6b85bd3fc400a914'
            'e3a8c74dcf95cb4b77ed379d2185ef56b6ab2f4c7bdaf5a68876d21aca4d7961b0d8090da7132c6f1797bdca24014dfea032129ee207282797b91e31b6dc4d48'
            '9162f528cd0080b9231785795f08d3229c52ce3c18ca5a6efcfbea5028e103a294ddef79a0f28ab64b8d0cdcb9e6cdd7fee797766ad2c3d1dbc3891ddeb4b553'
            '2522b1a76a466aa0d396d4616de38929ca3198e218f763545220a14f66127618bce2d46179999fd697e1d0f0a585ca1e58347b3a7dd5795331c395e1e5972788'
            '4f026baf7d30ef33b660530001b3bcf8189a7d1a11603ccb126957d07070283907c8207dad912ff4c735b8a0376c8a5383fef2235ac3b71ef519d7201c079b93'
            '4a74676c26f286811852566a7edf0b3399fd8165550848dd004c7b28bb9bf06990f4f232623ae5e2ba2edcd27b88d422225c0687d883551405e905aad7ce98a8')
b2sums=('SKIP'
        '294a510a4ca0d80fcaa2b67f9083ca91ae17270f73bee35728a6c42519599f5d60896d4e279a794a8a0237de3e1a751356d670fb722b6507057303c0f1efec7f'
        '6d02d871afa45caaa2b22ea2ed48217012aeeb61c50b28e82cc0750344719bdb9ef4b0100abc524b12ec6cb2b1c0084f4d24ce480af87b52aa39d4d3714467ca'
        '44fc45af926d8c0a563b81640764a4ced266f857c72113839dcd5d441c030bb6f78576b04fcbd8b17f645ed4e2701a4634e55755f13210fa880f442ad6fbb5b1'
        'a61f76a2ecbf344bb26e064146e4c6821ee195c7b7579cbf8c61d60ded3c3946d53329a8c2e795435ef5498bec97042472f186c13b4e0dc274da34d047f8f326'
        'f38eec3584967f9a8d4f9f2cc39803de9fa21fd1406efe802c3422f6de30c79e4cd679e775a886f778a40aacb81b9c4120d7205178284cacf69fa7d43557a906'
        'cdcb27a945397e7a8ef5214a31b69c4120ce1608359e0b11bbdb191169d4e10404953dc42bf9351f75beec0d8c6727bc0d053978026e50f145ef0881dae91bc1'
        '9c7a8eb0f9aafdc336d7eac984b6f1fcbb875d1589fb4b67f45393054f66e916c1157e1bb4e8d02af68e6438dff68a812e57bbf685a0b477634891e49c1c3284'
        'a044ef24fe2de06ce371f6f8c6b9eeb736d41057f1190c5eb93fd9d91374631bd68502112492d72cf020520ecb94bf3077f163fcf3c005ad286fea979591cf8b')

prepare() {
  # fix issues with fragmented handshakes (e.g. fullchain.pem when using a letsencrypt certificate):
  # https://github.com/ipxe/ipxe/issues/407
#patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-1.21.1-fragmented_handshake.patch
  patch -Np1 -d $pkgname -i ../ipxe-la64.patch
  ln -s $pkgname $pkgname-$pkgver
  # symlink header with custom configuration into place
  ln -sv ../../../../general.h $pkgname/src/config/local/
}

build() {
  local _file _certs=""
  local _options=(
    NO_WERROR=1
    bin-loong64-efi/ipxe.efi
    -C src
  )

  # add certs
  for _file in "${source[@]}"; do
    if [[ "$_file" == *.pem ]]; then
      _certs+="$srcdir/$_file,"
    fi
  done

  cd $pkgname-$pkgver
  # build arch specific images
  # TODO: adapt arch.ipxe as soon as we can fix https://bugs.archlinux.org/task/70767
  # NOTE: to debug issues with TLS or codesigning, add "DEBUG=open,tls,x509:3,certstore,privkey"
  make EMBED="$srcdir/arch.ipxe" CERT="$_certs" TRUST="$_certs" "${_options[@]}"

  # move binaries out of the way
  mv -v src/bin-loong64-efi/ipxe{,-arch}.efi

  # build remote images
  make EMBED="$srcdir/remote.ipxe" "${_options[@]}"

  # move binaries out of the way
  mv -v src/bin-loong64-efi/ipxe{,-remote}.efi

  # build default images
  make "${_options[@]}"

}

package() {
  local _arch

  cd $pkgname-$pkgver
#install -vDm 644 src/bin/ipxe{,-arch,-remote}.{lkrn,pxe} -t "$pkgdir/usr/share/$pkgname/"
  for _arch in loong64; do
    install -vDm 644 src/bin-$_arch-efi/ipxe{,-arch,-remote}.efi -t "$pkgdir/usr/share/$pkgname/$_arch/"
  done
  install -vDm 644 COPYING.UBDL -t "$pkgdir/usr/share/licenses/$pkgname/"

  install -vDm 755 ../run_$pkgname -t "$pkgdir/usr/bin/"
}
